Home Library Learn Samples Downloads Support Community Forums
MSDN Library
Servers and Enterprise Development
SQL Server
SQL Server 2008 R2
Product Documentation
SQL Server 2008 R2 Books Online
Database Engine
Technical Reference
Transact-SQL Reference
Data Definition Language (DDL) Statements (Transact-SQL)
ALTER Statements (Transact-SQL)
ALTER APPLICATION ROLE (Transact-SQL)
ALTER ASSEMBLY (Transact-SQL)
ALTER ASYMMETRIC KEY (Transact-SQL)
ALTER AUTHORIZATION (Transact-SQL)
ALTER BROKER PRIORITY (Transact-SQL)
ALTER CERTIFICATE (Transact-SQL)
ALTER CREDENTIAL (Transact-SQL)
ALTER CRYPTOGRAPHIC PROVIDER (Transact-SQL)
ALTER DATABASE (Transact-SQL)
ALTER DATABASE AUDIT SPECIFICATION (Transact-SQL)
ALTER DATABASE ENCRYPTION KEY (Transact-SQL)
ALTER ENDPOINT (Transact-SQL)
ALTER EVENT SESSION (Transact-SQL)
ALTER FULLTEXT CATALOG (Transact-SQL)
ALTER FULLTEXT INDEX (Transact-SQL)
ALTER FULLTEXT STOPLIST (Transact-SQL)
ALTER FUNCTION (Transact-SQL)
ALTER INDEX (Transact-SQL)
ALTER LOGIN (Transact-SQL)
ALTER MASTER KEY (Transact-SQL)
ALTER MESSAGE TYPE (Transact-SQL)
ALTER PARTITION FUNCTION (Transact-SQL)
ALTER PARTITION SCHEME (Transact-SQL)
ALTER PROCEDURE (Transact-SQL)
ALTER QUEUE (Transact-SQL)
ALTER REMOTE SERVICE BINDING (Transact-SQL)
ALTER RESOURCE GOVERNOR (Transact-SQL)
ALTER RESOURCE POOL (Transact-SQL)
ALTER ROLE (Transact-SQL)
ALTER ROUTE (Transact-SQL)
ALTER SCHEMA (Transact-SQL)
ALTER SERVER AUDIT (Transact-SQL)
ALTER SERVER AUDIT SPECIFICATION (Transact-SQL)
ALTER SERVER CONFIGURATION (Transact-SQL)
ALTER SERVICE (Transact-SQL)
ALTER SERVICE MASTER KEY (Transact-SQL)
ALTER SYMMETRIC KEY (Transact-SQL)
ALTER TABLE (Transact-SQL)
ALTER TRIGGER (Transact-SQL)
ALTER USER (Transact-SQL)
ALTER VIEW (Transact-SQL)
ALTER WORKLOAD GROUP (Transact-SQL)
ALTER XML SCHEMA COLLECTION (Transact-SQL)
Expand Minimize
This topic has not yet been rated - Rate this topic

ALTER CERTIFICATE (Transact-SQL)

SQL Server 2008 R2

Changes the private key used to encrypt a certificate, or adds one if none is present. Changes the availability of a certificate to Service Broker.

Topic link icon Transact-SQL Syntax Conventions

Copy 

ALTER CERTIFICATE certificate_name 
    REMOVE PRIVATE KEY
    |
    WITH PRIVATE KEY ( <private_key_spec> [ ,... ] )
    |
    WITH ACTIVE FOR BEGIN_DIALOG = [ ON | OFF ]

<private_key_spec> ::= 
    FILE = 'path_to_private_key' 
    |
    DECRYPTION BY PASSWORD = 'key_password' 
    |
    ENCRYPTION BY PASSWORD = 'password'
certificate_name

Is the unique name by which the certificate is known in database.

FILE ='path_to_private_key'

Specifies the complete path, including file name, to the private key. This parameter can be a local path or a UNC path to a network location. This file will be accessed within the security context of the SQL Server service account. When you use this option, you must make sure that the service account has access to the specified file.

DECRYPTION BY PASSWORD ='key_password'

Specifies the password that is required to decrypt the private key.

ENCRYPTION BY PASSWORD ='password'

Specifies the password used to encrypt the private key of the certificate in the database. password must meet the Windows password policy requirements of the computer that is running the instance of SQL Server. For more information, see Password Policy.

REMOVE PRIVATE KEY

Specifies that the private key should no longer be maintained inside the database.

ACTIVE FOR BEGIN_DIALOG = { ON | OFF }

Makes the certificate available to the initiator of a Service Broker dialog conversation.

The private key must correspond to the public key specified by certificate_name.

The DECRYPTION BY PASSWORD clause can be omitted if the password in the file is protected with a null password.

When the private key of a certificate that already exists in the database is imported from a file, the private key will be automatically protected by the database master key. To protect the private key with a password, use the ENCRYPTION BY PASSWORD phrase.

The REMOVE PRIVATE KEY option will delete the private key of the certificate from the database. You can do this when the certificate will be used to verify signatures or in Service Broker scenarios that do not require a private key. Do not remove the private key of a certificate that protects a symmetric key.

You do not have to specify a decryption password when the private key is encrypted by using the database master key.

Important noteImportant

Always make an archival copy of a private key before removing it from a database. For more information, see BACKUP CERTIFICATE (Transact-SQL).

Requires ALTER permission on the certificate.

A. Changing the password of a certificate

Copy 
ALTER CERTIFICATE Shipping04 
    WITH PRIVATE KEY (DECRYPTION BY PASSWORD = 'pGF$5DGvbd2439587y',
    ENCRYPTION BY PASSWORD = '4-329578thlkajdshglXCSgf');
GO

B. Changing the password that is used to encrypt the private key

Copy 
ALTER CERTIFICATE Shipping11 
    WITH PRIVATE KEY (ENCRYPTION BY PASSWORD = '34958tosdgfkh##38',
    DECRYPTION BY PASSWORD = '95hkjdskghFDGGG4%');
GO

C. Importing a private key for a certificate that is already present in the database

Copy 
ALTER CERTIFICATE Shipping13 
    WITH PRIVATE KEY (FILE = 'c:\\importedkeys\Shipping13',
    DECRYPTION BY PASSWORD = 'GDFLKl8^^GGG4000%');
GO

D. Changing the protection of the private key from a password to the database master key

Copy 
ALTER CERTIFICATE Shipping15 
    WITH PRIVATE KEY (DECRYPTION BY PASSWORD = '95hk000eEnvjkjy#F%');
GO
Did you find this helpful?
(1500 characters remaining)

Community Additions

ADD
© 2013 Microsoft. All rights reserved.
|
Site Feedback
© 2013 Microsoft. All rights reserved.